I built Deft to make security scanning accessible. Point it at any domain and it checks the certificate, analyzes email security (SPF/DKIM/DMARC), and grades your security headers – all in a matter of seconds.
Features:
- Port scanning with service detection across main domain + top 10 subdomains
- Subdomain discovery via certificate transparency and passive recon
- Email security analysis with actionable grades (A-F)
- Security headers audit (CSP, HSTS, X-Frame-Options, etc.)
- Executive summary for non-technical stakeholders
- No signup required for the free scan
The free tier gives you a solid overview. Paid reports ($29) add full CVE vulnerability detection, complete subdomain scanning, and a detailed PDF report you can share with your team.
I've been using this to audit client sites before taking on projects. Found an exposed MongoDB on a $2M ARR SaaS last month – they had no idea.
Try it: https://deft.is
Happy to answer questions about the methodology or the security tools under the hood.